Solved: Using multiple radius servers for authentication

Tommy Svensson · ‎05-31-2011

Hi.

I want to setup a PPTP to my router and i wonder if it is possible to use multiple windows IAS servers on one Cisco router?

The scenario is that i have more than one company using this PPTP connection and they all have their own AD on their own VLAN, i would like the router to forward the authentication request containing username and password to all the Windows IAS servers that i specify or go throught them one at the time until it recieves an awnser.

Is this possible?

Regards Tommy Svensson

Tarik Admani · ‎06-14-2011

Tommy,

This is not possible because if a radius server receives a username it will simple reject the user and send that response to the Cisco router. The radius protocol doesnt discard or send any other message to let the router know that the user isnt present in its database.

I know with ACS that if a username was sent with a special domain it can proxy that communication over to the acs server and the Cisco router based on the username.

I hope this helps,

Tarik

View solution in original post

Tarik Admani · ‎06-14-2011

Tommy,

This is not possible because if a radius server receives a username it will simple reject the user and send that response to the Cisco router. The radius protocol doesnt discard or send any other message to let the router know that the user isnt present in its database.

I know with ACS that if a username was sent with a special domain it can proxy that communication over to the acs server and the Cisco router based on the username.

I hope this helps,

Tarik